Create MS365 Service Account

This description takes you thru the steps needed to get your Microsoft 365 tenant ready for LoopSign.
Please follow the steps carefully and do not skip any of the steps described unless they are marked as optional.

Back

1. Introduction

LoopSign Microsoft365 calendar Widget communicates directly to the MS365 tenant by utilizing the MSgraph API’s useing HTTPS interface protocol with TLS 1.2 encryption.

2. Prerequisites

The LoopSign Calendar Widget needs a service account that has rights to read the resource calendars (Meeting room calendars). The service account need full rights to the meeting rooms. 

LoopSign needs all of the rooms that are to be shown to be present in one or several room lists.
By default rooms are not organized in any lists, so if your exchange is not configured with room lists, please do so. 

3. Create Service Account

Make sure that the service account does not have MFA (Multi factor authentication) enabled and that the account is not required to change password after a period of time.

Go to https://admin.microsoft.com/ and log on as your Microsoft 365 administrator.

  • Select “Active users” and click “Add a user”
  • Create a new user that will be the Service account.
    Make sure to set the password manually and untick that the user must change the password at first logon.  
    Click the “Next” button

The service account needs a mailbox and therefore a Microsoft 365 license that contains Exchange Online Plan 1 or 2.
(Minimum 365 Business Basic or 365 Enterprise E1)

  • Assign license and click “next” button.

No additional settings are needed (this is a regular user)

  • Click “next” then “Finish”.

4. Assign service account rights to the meeting rooms

LoopSign will only be able to connect to rooms where the service account has full delegated rights.

Open the Exchange Online admin console and log in as administrator https://admin.exchange.microsoft.com/

  • Select “Resources” in the left menu, click the resource (room) you want to add the service account and click “Manage delegates”
  • Add the service account created in step 2.2 and set rights to “full access” then press save.
  • Repeat these steps for all the rescources (rooms) that are to be shown by LoopSign.

5. Create Room Lists

LoopSign will only be able to see rooms that are a member of a roomlist. If you do not have any roomlists you will need at least one for LoopSign to work. If you create a new room it needs to be added to a roomlist before it can be shown by LoopSign.

Please note that changes made in Microsoft 365 environment (create/change/delete – rooms and roomlists) might take up to 48 hours before they are exposed to the MSgraph API. So if your changes is not available for LoopSign, be patient. (This issue is raised as a support issue with Microsoft, so hopefully it will be better)

Open the Exchange Online admin console and log in as administrator https://admin.exchange.microsoft.com/

  • Select “Groups” in the left menu, select “Add a group” set group type to “Distribution” and click “Next”

 

 

  • Give the roomlist a name and click “Next”

 

  • Set an email adress for the roomlist and click “next” and “Create Group”

 

  • Select the roomlist in the “Groups” overview.
    (Note, it might take a minute before the list you created will be visible, use the refresh button)

 

  • Click “View all and manage members” then add all rooms you want to be a member for this roomlist.
    Then click “Save Changes”

Please note that the roomlist currently is defined as a distribution list and needs to be converted to a roomlist.

5.1 Convert distribution list to room list

The conversion is done in Microsoft 365 Powershell. If you are not familiar with powershell this task might be a bit complicated. Note that you have to have “Global Admin” rights to perform this task.

To start powershell, right click the “Windows” logo in Windows 10 and select “Windows Powershell Admin” in the start menu.

Run the following command: Set-ExecutionPolicy RemoteSigned
Accept to change the execution policy. (A)

Install the needed powershell modules for managing Exchange Online.
Run the following command: 
Install-Module -Name ExchangeOnlineManagement

Connect Powershell to Exchange Online (Administrator user)
Run the following command:
Connect-ExchangeOnline -UserPrincipalName admin.name@yourdomain.com
Log in with credentials if needed.

Convert the distribution list to a room list
Run the command:
Set-DistributionGroup -Identity “Your Distribution List Name” -RoomList

5.2 Optionally - Add new rooms to roomlist

If you at a later stage need to add more rooms to the already created roomlist you can do so with by entering Powershell and log into your Office 365 tenant as as described in section 4.1, then run the following powershell command:

Add-DistributionGroupMember –Identity “Room list” -Member “Meeting Room”

6. Optional – Enable show meeting subject

By default, events scheduled in the meeting room calendars will show the name of the organizer instead of the actual event title.

This is a security feature and changing this behavior should be introduced with care. If your organization would like to save subject titles of meetings in the room calendar (So it can be shown on the LoopSign) This is easily fixed through Powershell command. 
Please note that all subjects of meetings booked will be visible for everyone unless the meeting is set to private.

To enable subject, run this powershell command:
Get-Mailbox -RecipientTypeDetails RoomMailbox | Set-CalendarProcessing -AddOrganizerToSubject $false -DeleteSubject $false -DeleteComments $false -RemovePrivateProperty $false

wpChatIcon
wpChatIcon